CVE-2025-10127
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Daikin Europe N.V
Security Gateway is vulnerable to an authorization bypass through a user-controlled key vulnerability that could allow an attacker to bypass authentication. An unauthorized attacker could access the system without prior credentials.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Daikin Europe N.V | Security Gateway | App: 100, Frm: 214 | affected |
Weaknesses
- CWE-640: CWE-640
Workarounds
Daikin Europe N.V
has reported they will not fix this vulnerability and will respond directly to user inquiries.
For more information, contact Daikin customer support https://www.daikin.eu/en_us/customers/support.html .
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-254-10
- https://www.daikin.eu/en_us/customers/support.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.